Total system for preventing information outflow from inside

ABSTRACT

Disclosed is a total system for preventing an online and off-line leakage of information, which includes a security maintenance client having a program storing a file in a storing device and a file security control part which encodes the file content to be stored in the storing device and stores a log information, and security maintenance server which receives the log information and a decoding key and decodes the encoded file. The security maintenance client further includes a communication security control part which has a communication program transmitting a file and encodes the file content to be transmitted to a transmission destination of a network and stores a log information. The security maintenance server further includes an automatic key transmission part which receives a decoding key to be transmitted to the transmission destination according to a file transmission security policy after receiving the log information and the transmission destination.

TECHNICAL FIELD

[0001] The present invention relates in general to an integrated information security system for preventing internal information outflow, and more particularly, to an integrated information security system for monitoring and preventing off-line information outflow via an output device or a portable storage device and on-line information outflow via computer communication programs, to thereby prevent important internal information from being flown out.

BACKGROUND ART

[0002] Recently, with the wide spread of computers, data which had been manually handled can be processed in digitalized format by computers.

[0003] The increase of data processing and computer communications provides benefits to people, however, it may cause information outflow for a malicious purpose.

[0004] In most cases, information outflow to a competing organization is done by a person working for the victim organization, rather than by an external source.

[0005] Referring to FIG. 1, conventional methods for flowing out information from an organization can be explained as follows.

[0006] The data outflow can be classified into a case executed by an output device such as printers or monitors connected to a computer system of an organization or a portable storage device such as diskettes, hard disks, CD-R, Zip drives or CD-RW, and a case executed by Internet or PSTN through a modem attached to a computer (for instance, data outflow through file uploading to a bulletin or data collections, e-mail, web-mail, FTP, Internet web-hard, and chatting programs, etc.).

[0007] Conventional methods for preventing information outflow have problems as follows.

[0008] Defensive Measures against Data Outflow through Floppy Disks

[0009] Conventional method I: Floppy disks are removed from personal computers of all public users in order to achieve an in-advance prevention against data outflow through floppy disks.

[0010] Conventional method II: Floppy disks are prevented from reading when floppy disks are carried out of an organization.

[0011] Problem: Method I suffers a problem in that public users may not use floppy disks, and method II suffers a problem in that specific floppy disks should be discriminated from common disks, and the computer used in the other organization may not discriminate if the disk is for an internal use, formatted one, or damaged one. Furthermore, log data for the data outflow through a floppy disk is not created, thus making it impossible to recognize the data related to trial of data outflow through floppy disks.

[0012] Defensive Measures against Data Outflow through Hard Disks

[0013] Conventional method: Master boot record is encrypted so as to prevent the system from booting by other user.

[0014] Problem: There is no countermeasure to prevent data outflow executed by the owner of the hard disk.

[0015] Defensive Measures against Data Outflow through Zip-disk, CD-R or the like

[0016] Conventional method: A storage medium such as Zip-disk or CD-R is an auxiliary storage device which is gaining in popularity over recent few years, and has a high efficiency. To achieve an in-advance prevention against internal data outflow, Zip-disk drives and CD-R drives should be removed or eliminated from personal computers of all public users, and all communication interfaces (like USB, serial port, parallel port and wireless port) which are employed for a connection between MP3 player and a personal computer, should be removed so as to prevent data outflow through a digital audio player like MP3 player.

[0017] Problem: Public users may not use a portable storage medium.

[0018] Defensive Measures against Data Outflow through Print Outputs or Monitor Outputs

[0019] Conventional method: The content being printed out is monitored through an administration server. This method is described in detail in Korean Patent Application No. 2000-30133 entitled “System and method for monitoring and preventing data outflow through output device” which the applicant of the present invention has filed to the Korean Industrial Property Office.

[0020] Defensive Measures Against Data Outflow through Internet or PSTN

[0021] I. Data outflow through e-mail

[0022] Attach important file

[0023] copy the important portion of file and paste the same to a mail text

[0024] open important file and input the content of the file to a mail text

[0025] Conventional method: Content of the mail text and the attached file is checked so as to determine whether to transmit the mail.

[0026] Problem: When the attached file is encrypted or compressed, content search is impossible. There exists therefore a restriction of searching the content of the e-mail or the attached file.

[0027] II. Data outflow through data upload through HTTP (including webmail)

[0028] Conventional method: Data outflow through web sites is performed through “post” which is an internal command for HTTP, the command “post” itself can be made unavailable by controlling, through a firewall, commands available in HTTP.

[0029] Problem: Since this method prevents file transmission for all cases, work efficiency may be deteriorated due to the trouble of sending a file even if the file is an ordinary one.

[0030] III. Data outflow through FTP

[0031] Conventional method: This method is performed by using the file transmission command “put”, and the command “put” itself can be made unavailable by controlling, through a firewall, commands available in HTTP.

[0032] Problem: Since this method prevents file transmission for all cases, work efficiency may be deteriorated due to the trouble of sending a file even if the file is an ordinary one.

[0033] IV. Data outflow through data upload through TELNET or RLOGIN (Z-modem, KERMIT or the like)

[0034] Conventional method: Data upload is the most common method of data outflow through TELNET, and protocols like Z-modem or KERMIT are used in this method. A firewall serves to restrict data download and upload through the use of protocols such as Z-modem or KERMIT over TELNET.

[0035] Problem: There exist other methods than data uploading or downloading over TELNET. Therefore, if the data is transmitted as encoded format rather than as a plain text format, it is impossible to search data even through a key-word search. This means that there exists explicit limitations for preventing data outflow over the use of TELNET.

[0036] V. Data outflow through PSTN

[0037] Conventional method: It is extremely difficult to check data outflow through a modem, and the only method for preventing data outflow through a modem is to remove modems from personal computers.

[0038] VI. Data outflow through web hard

[0039] VII. Data outflow through network file system

[0040] Besides the above-mentioned communication protocols, there exist other protocols available through Internet, which increases the possibility of internal data outflow. The above-mentioned methods are most common and suffer a variety of drawbacks, and such conventional methods can be summarized to a sentence “The best approach of preventing internal data outflow through network is to make the network itself unavailable”. However, this sentence is meaningless since modern society cannot go even a day without using Internet and computer communications.

DISCLOSURE OF INVENTION

[0041] Therefore, it is an object of the present invention to provide an integrated information security system for preventing internal information outflow, in which the information security system monitors and prevents an off-line information outflow through an output device and a portable storage device and an on-line information outflow through communication programs so as to thereby obtain an in-advance prevention against information outflow from organization.

[0042] To accomplish the above object of the present invention, there is provided an integrated information security system for preventing internal information outflow, the system including a program for storing a file into a storage device; a security administration client having a file security control unit for encoding file content, storing the encoded file into the storage device, and storing log data for file storage; and a security administration server for receiving, through communications with the file security control unit, log data and decoding keys for the encoded file and decoding the encoded file.

[0043] Preferably, the storage device is at least one of a remote storage device and a portable storage device connected to a network.

[0044] Preferably, the security administration client further includes a communication program for transferring files, and a communication security control unit for encoding the file content, transferring the encoded file to a destination of the network and storing log data for file transfer. The security administration server includes an automatic key transfer unit for receiving decoding keys for the encoded file through communication with the communication security control unit, receiving the log data and the destination data, and transferring decoding keys to the destination in accordance with a file transfer security policy for the destination.

[0045] Preferably, the communication security control unit receives from user input the file content and transfer description upon occurrence of file transfer through the communication program.

[0046] Preferably, the file transfer security policy defines security level for the destination, automatically transfers only decoding keys to the destination if the security level is a “reliable” level, transfers decoding keys to the destination and at the same time stores the log data if the security level is a “cooperative” level, and stores and manages only the log data if the security level is a “non-reliable” level.

[0047] Preferably, the encoded file being transferred is formed of a file format coupled with codes for decoding the encoded file.

[0048] Preferably, the communication security control unit controls whether to transfer the file to a network in accordance with the destination based on the file transfer security policy.

[0049] Preferably, the file transfer security policy allows the file to be transferred to the destination if the destination is a “reliable” level, allows the file to be transferred to the destination and at the same time allows the log data to be stored if the destination is a “cooperative” level, and allows file transfer to be interrupted and stores and manages only the log data if the destination is a “non-reliable” level.

[0050] Preferably, the communication security control unit allows communication to be interrupted if a source address does not exist within a preset security group upon occurrence of communication request from the network to the security administration client, and allows communication to be interrupted if a destination address does not exist within the preset security group upon occurrence of communication request from the security administration client to the network.

[0051] Preferably, the preset security group is set into an IP address group by the security administration server.

[0052] Preferably, the communication security control unit makes a computer clip board for executing the communication program clear and other program inactive when the communication program is activated.

[0053] Preferably, the communication security control unit stores an information input through a keyboard of the computer executing the communication program and transfers the stored information to the security administration server for storage and management of the information.

[0054] Preferably, the security administration client further includes an application program for creating print data and executing print work, and a print control unit for intercepting the print data and transferring the print data to the security administration server, and the security administration server receives and outputs the print data while communicating with the print control unit.

[0055] Preferably, the security administration client further includes a hardware control unit for transferring the content output onto a monitor to the security administration server in accordance with the request from the security administration server.

[0056] Preferably, the hardware control unit enables/disables an input device function of the security administration client in accordance with the request from the security administration server.

[0057] Preferably, the file security control unit transfers programs installed in the security administration client and hardware information to the security administration server.

[0058] Preferably, the file security control unit prevents the installed program from opening, in accordance with a request from the security administration server, so as to prevent the program from starting.

[0059] Preferably, the security administration server manages a list of program available to the security administration client, and prevents programs which are not included in the available program list from among the installed programs from starting.

[0060] Preferably, the computer storage device has a master boot record (MBR) which is encoded, and the encoding key value is constituted by characteristic hardware serial number of the computer, so as to control access to a computer having the security administration client installed therein.

[0061] Preferably, the hardware serial number is stored and managed by the security administration server.

[0062] Preferably, the file security control unit decodes, through the use of the decoding key, the encoded file stored in the storage device, stores the decoded file to the storage device, and transfers the content of the file to the security administration server together with the transfer description.

[0063] Preferably, the file security control unit decodes, through the use of the decoding key, the encoded file stored in the storage device in accordance with the read request from the security administration client program, and transfers the result to the security administration client program.

[0064] Preferably, the security administration server allows the decoding key value to be shared with each file security control unit of security administration clients existing within the preset security group, and thus allows the encoded file stored in the storage device to be decoded and read within the security group.

[0065] Preferably, the security administration client is installed in a plurality of user computers, and receives authorization from the security administration server when uninstalled from the user computer.

[0066] Preferably, the file security control unit controls whether to operate the storage device in accordance with the request from the security administration server.

[0067] Preferably, the file security control unit receives transfer description and transfers the file description to the security administration server in case of storing the file in the storage device through the program.

[0068] Preferably, the security administration client further includes a temporary log data storage unit for storing the log data upon occurrence of interruption of communications with the security administration server, and transfers the stored log data to the security administration server when communication with the security administration server is recovered.

BRIEF DESCRIPTION OF THE DRAWINGS

[0069] The present invention as well as a preferred mode of use, further objects and advantages thereof will be best understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:

[0070] FIG. 1 illustrates types of information outflow possibly carried out by a person working for the victim organization;

[0071] FIG. 2 illustrates an integrated security service for a variety of user computers through an information security system for monitoring and preventing information outflow according to the present invention;

[0072] FIG. 3 illustrates an integrated information security system for preventing internal information outflow according to the present invention;

[0073] FIG. 4a illustrates an off-line transfer description input window for inputting transfer description when file is transferred to a portable storage device through a file security control unit according to the present invention;

[0074] FIG. 4b illustrates an example where the content input to the off-line transfer description input window is stored in an off-line file transfer log database of a security administration server;

[0075] FIG. 5a illustrates the format (SDFA) of an on-line transfer file being transferred through a communication program according to the present invention;

[0076] FIG. 5b illustrates a screen of an on-line file transfer executed by a receiver;

[0077] FIG. 6a illustrates an on-line transfer description input window for inputting transfer description when a file is transferred over a network through a communication security control unit according to the present invention;

[0078] FIG. 6b illustrates an example where the content input to the on-line transfer description input window is stored in an on-line file transfer log database of a security administration server;

[0079] FIG. 7 illustrates a file transfer security policy for security level of destination for each type of communication program according to the present invention;

[0080] FIG. 8a illustrates configuration of security group management database for user computers A, B and C;

[0081] FIG. 8b illustrates configuration of security group management database for user computers D and E;

[0082] FIG. 8c illustrates a concept of access control in the event of sharing portable storage device and network within the same security group according to the present invention;

[0083] FIG. 9 illustrates a booting sequence for a conventional computer system;

[0084] FIG. 10a illustrates a system access procedure through a master boot record (MBR) encryption according to the present invention;

[0085] FIG. 10b illustrates an MBR database for the security administration server for storing and managing MBR password for encryption of master boot record; and

[0086] FIG. 11 illustrates an embodiment of a control board for the security administration server according to the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

[0087] With reference now to the figures, an integrated information security system for preventing internal information outflow will be explained in more detail.

[0088] Terms used throughout the specification are defined considering functions of elements in the present invention. Therefore, it should be readily understood that the terms of the present invention are not limited to the specific type of elements described herein and can be varied according to the intention of those skilled in the art or usual practice.

[0089] Specifically, in an embodiment of the present invention, since an encoding system employed for encoding a transfer file is a symmetric encoding system, encoding keys and decoding keys have same values. Therefore, encoding keys and decoding keys or file encoding keys and file decoding keys can be used as mixed since the file encoded by encoding keys can be decoded by decoding keys (i.e., encoding keys).

[0090] Referring to FIGS. 2 and 3, a security administration client 1100 of a user computer 1000 automatically encodes a file through a file security control unit 1110 using preset encoding keys and stores the encoded file into a portable storage device 1200 so as to prevent an off-line information outflow through the portable storage device 1200, when the file is stored through a program 1300 in the portable storage device 1200 such as floppy disks, Zip-disks, flash memory, MP-3 players, small digital storage device, and the like.

[0091] Subsequently, log data (including file name, user and time information) and encoding key information are transferred to a security administration server 2000, and stored in an overall security group management database 2100 and a file transfer log database 2200, respectively.

[0092] Preferably, the encoding key is created upon installation of the security administration client 1100 to the user computer 1000, and stored in a security group management database 1120 of the security administration client 1100. The security group management database 1120 stores and manages encoding keys of user computers existing within the same security group, and the overall security group management database 2100 of the security administration server 2000 stores and manages encoding keys of user computer existing within all security groups.

[0093] An automatic encoding of file can be explained in more detail, as follows. Upon occurrence of file storage event, encoding keys of the user computer 1000 are searched from the security group management database 1120 and input to the file security control unit 1110. Subsequently, the file security control unit 1110 takes as an input the content of the file to be stored, encodes the received file content by using encoding keys of the user computer 1000, and stores the encoded file in the portable storage device 1200.

[0094] The file security control unit 1110 controls whether or not to operate the portable storage device 1200 in accordance with the request from the security administration server 2000, and receives transfer description from a user and transmits the same to the security administration server 2000 upon storing of file into the portable storage device 1200 through the program 1300. For instance, upon transfer of file through a CD-recorder, the security administration server 2000 permits use of CD-recorder after receipt of transfer description for the file transfer through the use of CD-recorder.

[0095] Meanwhile, the file security control unit 1110 receives the decoding key (same as the encoding key) of the user computer 1000 from the security group administration database 1120, decodes the encoded file by using the decoding key and transfers the decoded file to the program 1300, in accordance with the read request made from the program 1300 with respect to the encoded file stored in the portable storage device.

[0096] Thus, the program 1300 reads and executes the encoded file stored in the portable storage device 1200, and stores into the portable storage device 1200 the file which is automatically encoded after completion of execution.

[0097] The security administration server 2000 may constitute a security group in accordance with the control of the security administrator, and read without restriction the file encoded and stored in a portable storage device within a security group since encoding keys for each user computer 1000 are shared within the same security group. Such an embodiment will be described in detail with reference to FIG. 8.

[0098] To legally take an encoded file out of the portable storage device 1200, a user receives decoding keys (same as encoding keys) from the security group management database 1120 of the user computer 1000 by the file security control unit 1110, decodes the encoded file by using decoding keys, and stores the decoded file into the portable storage device 1200. Here, the user inputs transfer description via the off-line transfer description input window shown in FIG. 4a, and the input content is stored in the off-line file transfer log database of the security administration server 2000 as shown in FIG. 4b.

[0099] As shown in FIGS. 4a and 4b, the name of the file to be transferred is “study result.txt”, and the transfer description (purpose) is “to shard the study result”.

[0100] As another embodiment of the present invention, the security administration server control unit 2300 decodes the encoded file recorded in the portable storage device 1200 by using decoding keys received from the system which encodes the file stored in the overall security group management database 2100.

[0101] In addition, the security administrator recognizes, through log data for file outflow, the number of trials of information outflow tried via the portable storage device 1200. Preferably, the same is true to the storage device (not shown) connected to a network.

[0102] To prevent information outflow through the use of output device such as a printer 1400, a print control unit 1130 of the user computer 1000 intercepts the print data created by an application program 1500 and transmits the print data to the security administration server 2000. Then, the print data is stored in a print log database 2400 of the security administration server 2000, and output in accordance with the request from the security administrator made through a control panel 2500.

[0103] To prevent information outflow through the use of a communication program 1600, the security administration client 1100 of the user computer 1000 allows the file to be automatically encoded by the communication security control unit 1140, transfers the encoded file to the destination via a network device 1700 such as a modem, LAN cards and the like, and transfers the relevant log data such as destination, file name, user and time information, and an encoding key information to the security administration server 2000 for storage, when the file is transferred to a network 3000 such as Internet, PSTN, radio network and the like.

[0104] The process of automatically encoding file and transmitting the encoded file can be described in detail, as follows. Upon occurrence of file opening from a hard disk 1800, the communication security control unit 1140 encodes, by using the session encoding key created from a session key generation unit (not shown), the content of file to be opened, and transmits the encoded file to a receiver through the network 300. The communication security control unit 1140 transfers the encoded file with a decoding program code attached thereto as shown in FIG. 5a, and allows the receiver to receive decoding keys and decode the encoded file by using decoding keys as shown in FIG. 5b.

[0105] Preferably, a communication program 1600 is a web mail program using a web browser.

[0106] The transferred encoded file (i.e., formatted file as shown in FIG. 5a) has content understandable only through the decoding key received from the security administration client 1100. Therefore, a hacker 4000 who is not provided with decoding keys from the security administration server 2000 cannot see the file content. Thus, information outflow can be prevented.

[0107] Upon occurrence of file transfer event through the communication program 1600, the communication control unit 1140 receives from a user input the file content, transfer description and receiver information through the on-line transfer description input window shown in FIG. 6a, and stores the received information into an on-line file transfer log database of the file transfer log database 2200 of the security administration server 2000 as shown in FIG. 6b.

[0108] Preferably, an automatic key transfer unit 2310 of the security administration server 2000 receives log data with respect to the encoded file transfer, destination and receiver information from the security administration client 1100 of the user computer 1000, and automatically transfers decoding keys for the encoded file in accordance with the file transfer security policy preset in the file transfer security policy database 2600.

[0109] The security administrator establishes file transfer security policy by defining security level for the destination and the receiver.

[0110] FIG. 7 illustrates file transfer security policy for the case of using SMTP mail and web mail.

[0111] Preferably, the automatic key transfer unit 2310 transfers only the decoding key to the destination if the security level is a “reliable” level, transfers the decoding key and at the same time stores log data into the file transfer log database 2200 if the security level is a “cooperative” level, and stores and manages only log data into the file transfer log database 2200 if the security level is a “non-reliable” level, as shown in FIG. 7.

[0112] According to another embodiment of the present invention, in case where the communication program 1600 is a mail agent program which uses SMTP protocol, the communication security control unit 1140 of the security administration client 1100 controls whether or not to transfer file in accordance with a file transfer security policy, when the file is transferred to the network 3000 through the communication program 1600.

[0113] The file transfer security policy permits the file to be transferred to the destination if the security level of the destination is a “reliable” level, permits the file to be transferred to the destination and at the same time stored in the security administration server 2000 if the security level of the destination is a “cooperative” level, and interrupts file transfer, stores only the log data into the security administration server 2000 and manages the stored log data if the security level of the destination is a “non-reliable” level, as shown in FIG. 7.
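
The three-level policy of paragraphs [0111] and [0113] can be sketched as a small decision engine; this is an added example, not code from the specification. The policy key (program type plus receiver mail domain), the sample domains, the log record fields and the fail-closed default for unlisted destinations are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    RELIABLE = "reliable"
    COOPERATIVE = "cooperative"
    NON_RELIABLE = "non-reliable"


# level -> (permit, store_log). "permit" means "send the decoding key" for the
# automatic key transfer unit [0111] and "let the file leave" for the SMTP
# transfer gate [0113]; the text gives the same three outcomes for both.
ACTIONS = {
    Level.RELIABLE: (True, False),
    Level.COOPERATIVE: (True, True),
    Level.NON_RELIABLE: (False, True),
}
MODES = ("key_release", "transfer_gate")


@dataclass(frozen=True)
class TransferEvent:
    program: str       # "smtp" or "webmail", the two cases FIG. 7 is said to cover
    receiver: str      # receiver address entered in the transfer description window
    file_name: str
    description: str


@dataclass(frozen=True)
class Decision:
    level: Level
    permit: bool
    store_log: bool


@dataclass
class PolicyServer:
    # Assumed layout of the policy database: (program, receiver domain) -> Level.
    policy: dict
    log: list = field(default_factory=list)

    def level_for(self, event: TransferEvent) -> Level:
        # Exact match on the full domain, so "partner.example.lookalike.test"
        # does not inherit the level of "partner.example".
        domain = event.receiver.rsplit("@", 1)[-1].strip().lower()
        # Assumption: a destination the administrator never classified is
        # treated as non-reliable (fail closed). The text does not say.
        return self.policy.get((event.program, domain), Level.NON_RELIABLE)

    def decide(self, mode: str, event: TransferEvent) -> Decision:
        if mode not in MODES:
            raise ValueError(f"unknown mode: {mode!r}")
        level = self.level_for(event)
        permit, store_log = ACTIONS[level]
        if store_log:
            self.log.append({
                "mode": mode, "level": level.value, "permitted": permit,
                "program": event.program, "receiver": event.receiver,
                "file": event.file_name, "description": event.description,
            })
        return Decision(level, permit, store_log)


def build_sample_server() -> PolicyServer:
    # Constructed sample policy; the domains are placeholders.
    return PolicyServer(policy={
        ("smtp", "hq.example"): Level.RELIABLE,
        ("smtp", "partner.example"): Level.COOPERATIVE,
        ("webmail", "partner.example"): Level.NON_RELIABLE,
    })


if __name__ == "__main__":
    server = build_sample_server()
    samples = [  # constructed events
        ("key_release", TransferEvent("smtp", "kim@hq.example", "plan.txt", "review")),
        ("key_release", TransferEvent("smtp", "lee@partner.example", "spec.txt", "joint work")),
        ("transfer_gate", TransferEvent("smtp", "x@partner.example.lookalike.test", "spec.txt", "")),
    ]
    for mode, event in samples:
        print(mode, event.receiver, server.decide(mode, event))
    print(len(server.log), "log records stored")
```
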

[0114] The communication security control unit 1140 interrupts communication if the source IP address does not exist within the security group preset in the security group management database 1120 when communication request is made from the network 3000 to the security administration client 1100, and interrupts communication if the destination IP address does not exist within the security group preset in the security group management database 1120 when communication request is made from the security administration client 1100 to the network 3000.

[0115] Since technique for interrupting a specific communication is well known to the person skilled to the art, detailed description thereof will be omitted.

[0116] The security group management database 1120 of the security administration client 1100 is set by an administrator through the control panel 2500 of the security administration server 2000, and constituted by an IP address list within the same security group and a file encoding key list.

[0117] The process of sharing encoding file stored in a portable storage device within the same security group and controlling access to each other through a network is described with reference to FIG. 8, as follows.

[0118] First, the security group database 1120 of the user computer (A) is as shown in FIG. 8a. In case where a file is transferred from the user computer (A) to the portable storage device 1200, user computer (B or C) has the security group management database 1120 as shown in FIG. 8a. Therefore, it is possible to read the file through each file security control unit 1110 by using the file encoding key (i.e., “12345678y”) of the user computer (A) stored in the database. However, since user computer (D or E) has the security group management database 1120 as shown in FIG. 8b, it is impossible to read the file encoded in the user computer (A).

[0119] In the meantime, user computer (A) is capable of making access to the user computer (B), however, it is incapable of making access to the user computer (D) which does not belong to the same security group. In addition, the user computer (A) allows for the access from the user computer (B or C), however, does not allow for the access from the user computer (D or E) which does not belong to the same security group. Such a restriction for access is performed by each communication security control unit 1140, with reference to the security group management database 1120 of each user computer 1000.
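
The security group behaviour of paragraphs [0114] to [0119] (an IP address list plus a shared file encoding key list) is modelled below as an added example that is not part of the specification. The IP addresses and the keys other than “12345678y” are constructed, and because the text names no cipher, the HMAC-SHA256 keystream with an integrity tag is an illustrative stand-in rather than the system's encoding.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for the keystream and the integrity tag.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def encode_file(key: bytes, content: bytes) -> bytes:
    """Stand-in symmetric encoding: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(content))
    body = bytes(a ^ b for a, b in zip(content, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decode_file(key: bytes, blob: bytes):
    """Return the content, or None if the key is wrong or the blob was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


@dataclass(frozen=True)
class SecurityGroupDB:
    """Per-client database: IP address list and file encoding key list."""
    ip_list: frozenset
    key_list: tuple

    def permits(self, peer_ip: str) -> bool:
        # Applied to the source address of inbound requests and to the
        # destination address of outbound requests alike.
        try:
            return ipaddress.ip_address(peer_ip) in self.ip_list
        except ValueError:
            return False  # unparsable address: interrupt the communication

    def read_file(self, blob: bytes):
        # A group member can read a file encoded by any other member because
        # every member's key is in the shared list.
        for key in self.key_list:
            content = decode_file(key, blob)
            if content is not None:
                return content
        return None


def _ips(*addrs):
    return frozenset(ipaddress.ip_address(a) for a in addrs)


KEY_A = b"12345678y"  # key of user computer (A) as given in the text
# Constructed data: documentation-range IPs and placeholder keys for B to E.
GROUP_ABC = SecurityGroupDB(_ips("192.0.2.11", "192.0.2.12", "192.0.2.13"),
                            (KEY_A, b"constructed-key-B", b"constructed-key-C"))
GROUP_DE = SecurityGroupDB(_ips("198.51.100.21", "198.51.100.22"),
                           (b"constructed-key-D", b"constructed-key-E"))

if __name__ == "__main__":
    blob = encode_file(KEY_A, b"study result")
    print("B or C reads:", GROUP_ABC.read_file(blob))
    print("D or E reads:", GROUP_DE.read_file(blob))
    print("A -> B allowed:", GROUP_ABC.permits("192.0.2.12"))
    print("A -> D allowed:", GROUP_ABC.permits("198.51.100.21"))
```
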

[0120] Preferably, when the communication program 1600 is activated in the user computer 1000, that is, when the communication program window is maximized, the communication security control unit 1140 clears the clipboard (not shown) of the user computer 1000 executing the communication program and inactivates all other programs currently in the activated state (i.e., minimizes all program windows).

[0121] Thus, important file content can be prevented from being opened, copied and pasted into the communication program text after the communication program starts.

[0122] The communication security control unit 1140 stores information which is input through a keyboard and transfers the same to the security administration server 2000 when a communication program is activated in the user computer 1000.

[0123] According to the request from the security administration server 2000, the hardware control unit 1150 of the security administration client 1100 transfers the content output to a monitor 1900a so as to allow the content to be output in real time onto the control panel 2500. Alternatively, the hardware control unit 1150 transfers to the security administration server 2000 the data which is created by periodically screen-capturing the output content of a monitor 1900a, so as to allow the captured data to be stored in a screen capture database 2000. The hardware control unit 1150 enables/disables the function of an input device 1900b in accordance with the request from the security administration server 2000.

[0124] The security administration client 1100 transfers the program installed in the user computer 1000 and the hardware information of the computer to the security administration server 2000 in response to the request from the security administration server 2000. The security administration client 1100 is constituted by a registry (not shown) information, program registration information and system manager information searched from the user computer 1000.

[0125] The security administration client 1100 can prevent a specific program from starting in accordance with the request from the security administration server 2000, and the security administration server 2000 manages a list of available authorized software and disables any program which is not included in the list, from among the computer programs transferred through the security administration client 1100. By this method, use of unauthorized software throughout an organization can be prevented.

[0126] The security administration client 1100 needs authorization from the security administration server 2000 when installed in or uninstalled from the user computer 1000. For example, whether a security administrator has an authority is checked, through a connection to the security administration server 2000, during execution of the uninstall routine, and only the authorized administrator can permit uninstallation.

[0127] When communication with the security administration server 2000 is interrupted, the security administration client 1100 stores, into a temporary log data storing unit 1160, the log data (such as file transfer information or network use state) to be transferred to the security administration server 2000, and transfers the log data stored in the temporary log data storing unit 1160 to the security administration server 2000 when the communication with the security administration server 2000 restarts. Thus, the same information security service as described above can be supplied even when communication interruption has occurred due to a user's intention or a network trouble.

[0128] Preferably, the master boot record of the user computer 1000 is encoded, and only the system of the corresponding user computer is normally booted. Here, the key value is constituted by a hardware serial number (for example, communication card serial number (MCA) or processor (CPU) serial number) unique to the user computer.

[0129] Meanwhile, the security administration server 2000 manages the unique hardware serial number so as to boot the hard disk of the user computer 1000. Therefore, the unique hardware serial number is utilized when the hard disk is legally installed in another computer.

[0130] Thus, the hard disk cannot be read when the hard disk is taken out by a computer user or other person, preventing information outflow through the hard disk.

[0131] A conventional booting procedure and access control for a computer system can be explained with reference to FIG. 9.

[0132] First, booting methods can be divided into a method through a floppy booting disk and a method through a hard disk. When the power of the computer system is turned on, the system self-checks its state, which is called a “power-on self-test”. When the floppy disk is inserted into the drive, the system first reads the booting sector of the floppy booting disk and then the hard disk partition information, and loads to the memory address 0000:7C00 so as to proceed with the system booting. If the floppy disk is not inserted, the system reads the booting sector of the hard disk so as to perform the MBR code, and then the hard disk partition information, and loads to the memory address 0000:7C00. System access can be controlled by granting access to the partition information only when an authorization code for the system access control is input to the MBR code and a correct password is input.

[0133] A process of obtaining a grant for system access through an encoding process for a master boot record (MBR) can be explained with reference to FIG. 10. The result obtained by extracting system hardware information and encoding it by MD5 is stored into the user computer 1000 and an MBR database 2700 of the security administration server 2000, respectively, as shown in FIG. 10b, when the security administration client 1100 is installed in the user computer 1000.

[0134] When booting is attempted after completion of installation of the security administration client 1100, the booting procedure proceeds normally if the password obtained by processing the hardware information through the use of MD5 and the pre-created password match each other. If the two passwords do not match, a 128-bit character string is input through an MBR password input window so as to check the passwords. That is, when the hard disk having the security administration client 1100 installed therein is installed and used normally in another computer, the MBR password for the user computer installed with the hard disk is obtained from the MBR database 2700 and input to the MBR password input window.
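The boot authorization flow of paragraphs [0133] and [0134], sketched as an added example that is not code from the patent. The hardware field names, the canonical string fed to MD5, the 32-character hex form of the 128-bit password, and all function and class names are assumptions; the sample hardware values are constructed.

```python
import hashlib
import hmac
import string


def mbr_password(hardware_info: dict) -> str:
    """MD5 over the hardware identifiers: a 128-bit value, here as 32 hex characters."""
    # Assumption: identifiers are joined in sorted key order before hashing.
    canonical = "|".join(f"{k}={hardware_info[k]}" for k in sorted(hardware_info))
    return hashlib.md5(canonical.encode("utf-8")).hexdigest()


class MBRDatabase:
    """Stands in for MBR database 2700 on the security administration server."""

    def __init__(self):
        self._by_computer = {}

    def register(self, computer_id: str, password: str) -> None:
        self._by_computer[computer_id] = password

    def lookup(self, computer_id: str):
        return self._by_computer.get(computer_id)


def install_client(computer_id, hardware_info, server_db) -> str:
    """At install time the derived password is stored on the disk and on the server."""
    password = mbr_password(hardware_info)
    server_db.register(computer_id, password)
    return password  # the copy kept with the encoded MBR


def authorize_boot(stored_password, current_hardware, entered_password=None) -> str:
    """Return 'boot', 'prompt' (show the MBR password window) or 'deny'."""
    computed = mbr_password(current_hardware)
    if hmac.compare_digest(computed, stored_password):
        return "boot"                      # disk is still in its original computer
    if entered_password is None:
        return "prompt"                    # hardware changed: ask for the password
    candidate = entered_password.strip().lower()
    if len(candidate) != 32 or any(c not in string.hexdigits for c in candidate):
        return "deny"                      # not a 128-bit hex string
    ok = hmac.compare_digest(candidate, stored_password)
    return "boot" if ok else "deny"


# Constructed hardware records for two computers.
PC_A = {"mac": "00:00:5E:00:53:01", "cpu_serial": "CONSTRUCTED-CPU-0001"}
PC_B = {"mac": "00:00:5E:00:53:02", "cpu_serial": "CONSTRUCTED-CPU-0002"}
```

The stored value is an unsalted MD5 of hardware identifiers, so its strength as a key rests entirely on those identifiers staying unknown to whoever holds the disk.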

[0135] To perform all functions of the present invention described above, the security administrator controls all security administration clients 1100 via the control panel 2500 of the security administration server 2000 as shown in FIG. 11.

INDUSTRIAL APPLICABILITY

[0136] As described above, an integrated information security system for preventing internal information outflow of the present invention is advantageous in that the system monitors and prevents off-line information outflow via an output device or a portable storage device and on-line information outflow via computer communication programs, to thereby prevent important internal information from being flown out.

[0137] Many modifications and variations of the present invention are possible in the light of the above techniques. It is therefore to be understood that within the scope of the appended claims, the present invention may be practiced otherwise than as specifically described.

[0138] By way of example, the integrated information security system of the present invention can be applied to all types of files transferable through a connection between a storage device and the communication and output interface installed in the user computer, such as a serial port, parallel port, USB port, IEEE1394 port or radio port.

[0139] In the above-described embodiment, the database of the security administration server is managed by user computer units. However, it is also possible to manage the database by user units.

What is claimed is:
 1. A total system for preventing information outflow from inside, comprising a program for storing a file into a storage device; a security administration client having a file security control unit for encoding file content, storing the encoded file into said storage device, and storing log data for file storage; and a security administration server for receiving, through communications with said file security control unit, log data and decoding keys for said encoded file and decoding said encoded file.
 2. A total system for preventing information outflow according to claim 1, wherein said storage device is at least one of a remote storage device and a portable storage device connected to a network.
 3. A total system for preventing information outflow according to claim 1, wherein said security administration client further comprises a communication program for transferring files, and a communication security control unit for encoding said file content, transferring the encoded file to a destination of said network and storing log data for file transfer, and said security administration server comprises an automatic key transfer unit for receiving decoding keys for said encoded file through a communication with said communication security control unit, receiving said log data and destination data, and transferring decoding keys to said destination in accordance with a file transfer security policy for said destination.
 4. A total system for preventing information outflow according to claim 3, wherein said communication security control unit receives said file content and transfer description from a user input upon occurrence of file transfer event through said communication program.
 5. A total system for preventing information outflow according to claim 3, wherein said file transfer security policy defines security level for said destination, automatically transfers only decoding keys to said destination if a security level is a “reliable” level, transfers decoding keys to said destination and at the same time stores said log data if a security level is a “cooperative” level, and stores and manages only said log data if a security level is a “non-reliable” level.
 6. A total system for preventing information outflow according to claim 3, wherein said encoded file being transferred is constituted by a file format coupled with codes for decoding said encoded file.
 7. A total system for preventing information outflow according to claim 3, wherein said communication security control unit controls whether to transfer said file to said network in accordance with said destination based on said file transfer security policy.
 8. A total system for preventing information outflow according to claim 7, wherein said file transfer security policy allows said file to be transferred to said destination if said destination is a “reliable” level, allows said file to be transferred to said destination and at the same time allows said log data to be stored if said destination is a “cooperative” level, and allows file transfer to be interrupted and stores and manages only log data if said destination is a “non-reliable” level.
 9. A total system for preventing information outflow according to claim 3, wherein said communication security control unit allows communication to be interrupted if a source address does not exist within a preset security group upon occurrence of communication request from said network to said security administration client, and allows communication to be interrupted if a destination address does not exist within a preset security group upon occurrence of communication request from said security administration client to said network.
 10. A total system for preventing information outflow according to claim 9, wherein said preset security group is set into an IP address group by said security administration server.
 11. A total system for preventing information outflow according to claim 3, wherein said communication security control unit makes a computer clip board for executing said communication program clear and other program inactive when said communication program is activated.
 12. A total system for preventing information outflow according to claim 3, wherein said communication security control unit stores an information which is input through a keyboard of a computer executing said communication program, and transfers the stored information to said security administration server for storage and management of said information.
 13. A total system for preventing information outflow according to claim 1, wherein said security administration client further comprises an application program for creating print data and executing print work, and a print control unit for intercepting said print data and transferring said print data to said security administration server, and said security administration server receives and outputs said print data while communicating with said print control unit.
 14. A total system for preventing information outflow according to claim 1, wherein said security administration client further comprises a hardware control unit for transferring content output onto a monitor to the security administration server in accordance with a request from said security administration server.
 15. A total system for preventing information outflow according to claim 14, wherein said hardware control unit enables/disables an input device function of said security administration client in accordance with a request from said security administration server.
 16. A total system for preventing information outflow according to claim 1, wherein said file security control unit transfers programs installed in said security administration client and hardware information to said security administration server.
 17. A total system for preventing information outflow according to claim 16, wherein said file security control unit prevents said installed program from opening, in accordance with a request from said security administration server, so as to prevent said program from starting.
 18. A total system for preventing information outflow according to claim 17, wherein said security administration server manages a list of program available to said security administration client, and prevents programs which are not included in said available program list from among said installed programs from starting.
 19. A total system for preventing information outflow according to claim 1, wherein said computer storage device has a master boot record (MBR) which is encoded, and an encoding key value is constituted by characteristic hardware serial number of said computer, so as to control access to a computer having said security administration client installed therein.
 20. A total system for preventing information outflow according to claim 19, wherein said hardware serial number is stored and managed by said security administration server.
 21. A total system for preventing information outflow according to claim 1, wherein said file security control unit decodes, through use of said decoding key, an encoded file stored in said storage device, stores the decoded file to said storage device, and transfers content of said file to said security administration server together with a transfer description.
 22. A total system for preventing information outflow according to claim 1, wherein said file security control unit decodes, through use of said decoding key, an encoded file stored in said storage device in accordance with a read request made from said security administration client program, and transfers the decoded file to said program.
 23. A total system for preventing information outflow according to claim 9 or claim 22, wherein said security administration server allows said decoding key value to be shared with each file security control unit of security administration clients existing within said preset security group, and thus allows said encoded file stored in said storage device to be decoded and read within said security group.
 24. A total system for preventing information outflow according to claim 1 or claim 3, wherein said security administration client is installed in a plurality of user computers, and receives authorization from said security administration server when uninstalled from said user computer.
 25. A total system for preventing information outflow according to claim 1, wherein said file security control unit controls whether to operate said storage device in accordance with a request from said security administration server.
 26. A total system for preventing information outflow according to claim 1, wherein said file security control unit receives transfer description and transfers the file description to said security administration server in case of storing said file in said storage device through said program.
 27. A total system for preventing information outflow according to claim 1, wherein administration client further comprises a temporary log data storage unit for storing said log data upon occurrence of interruption of communications with said security administration server, and transfers said stored log data to said security administration server when communication with said security administration server is recovered.